Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores
With Valentine's Day approaching this weekend, several people have received "Recent order" email confirmations for flowers or lingerie.
These emails are actually part of a spear-phishing attack, which ultimately leads recipients to a malicious document that executes the BazaLoader malware.
Recently, researchers found multiple BazaLoader campaigns in January and February, which have relied heavily on human interaction with different sites, PDF attachments and email lures.
"There were a range of lure and subject topics, including compact storage devices, office supplies, pharmaceutical supplies and sports nutrition, but what stuck out were campaigns that were timely and relevant to the upcoming Valentine's Day holiday," said researchers with Proofpoint on Thursday.
While researchers did not specify what malware gets loaded after this first-stage infection, BazaLoader has been noted for its code similarity to TrickBot, and has been associated with Ryuk ransomware infections.
The most recent Valentine's Day attack notably reflects an attack vector that relies increasingly on human interaction.
News URL
https://threatpost.com/valentines-day-malware-attack/163900/